Although, I did have another idea; if we can't probe them according to our
laws, what about according to someone else's? If what you say about
foreign telnet servers is true, could we perform the study through an
external site? Or would we be forced into silence by the questionable
legality of it?

Better statement: How about we make some friends in the Czech Republic
(or similar eastern European country), where it's smiled upon to probe
American systems, and co-write a paper with them? Their measurements, a
composite group analysis, and we look good for our international
cooperation skills as well as our research.

Oh, and by the by; that Mexican site from whence we were hacked doesn't
appear to be a telnet server. At least not through port 254. There are,
however, several odd ports that connect, but give no information
(following a \n). {7,9,11,15,53,139} are all unfamiliar to me.

On Wed, 15 Jul 1998, Stefan Savage wrote:
> Date: Wed, 15 Jul 1998 23:09:58 -0700
> From: Stefan Savage <savage@cs.washington.edu>
> To: 'John Snell' <geigudr@cs.washington.edu>,
> Stefan Savage <savage@cs.washington.edu>
> Cc: syn@cs.washington.edu
> Subject: RE: [5550] Re: Router Access Attempt
>
> Not a game we want to be playing. If we want to probe MCI routers then
> we should ask them first.
>
> As for legal grounds, the biggest one is the CFAA
> (see http://www.law.cornell.edu/uscode/18/1030.html)
>
> The Computer Fraud and Abuse Act prevents any unauthorized access
> although this is limited to "Federal Interest" computers. It does not
> require "intent to cause harm" (this was what rtm was convicted under)
>
> There have also been applications of the Federal Wire Fraud Act in this
> space (is this what got LaMacchia on?). This seems less applicable
> considering no fraud was perpetrated in our case.
>
> Many states have anti-tampering/hacking laws... I don't know if
> Washington does, but California certainly does. The California law in
> particular forbids access to a computer system without permission. It's
> a criminal offense... $250 for first offence, $10,000 and up to three
> years after that.
>
> Finally, were we to send a "tough" message, they would simply escalate
> to our lawyers. The prospect of UW standing fast to protect our right
> to send unwanted packets at MCI's routers seems somewhat fantastical.
> Not a fight worth having.
>
> - Stefan
>
>
>
> > -----Original Message-----
> > From: John Snell [SMTP:geigudr@cs.washington.edu]
> > Sent: Wednesday, July 15, 1998 9:34 PM
> > To: Stefan Savage
> > Cc: syn@cs.washington.edu
> > Subject: RE: [5550] Re: Router Access Attempt
> >
> >
> > You know, this statement makes no claims about the legality of our sending
> > packets to their routers. We are in fact a major research university,
> > with heavy DARPA funding, and have a valid excuse to be sending packets to
> > them.
> >
> > I think a firm, polite statement, of "tough" is in order. Unless someone
> > thinks that they actually have some legal ground to be standing upon, we
> > should have no real problems with them.
> >
> >
> > > > MCI Data Systems Security kindly requests that you do not make attempts to
> > > > access any of our routers. If you need some assistance for a problem or issue
> >
> >
> >
> > On Wed, 15 Jul 1998, Stefan Savage wrote:
> >
> > > Date: Wed, 15 Jul 1998 21:19:20 -0700
> > > From: Stefan Savage <savage@cs.washington.edu>
> > > To: 'David Becker' <becker@major.cs.washington.edu>,
> > >     syn@cs.washington.edu
> > > Subject: RE: [5550] Re: Router Access Attempt
> > >
> > > Ooops... well, I guess we'll have to stick to end-to-end measurements
> > > ;-)
> > >
> > > - Stefan
> > >
> > > > -----Original Message-----
> > > > From: David Becker [SMTP:becker@major.cs.washington.edu]
> > > > Sent: Wednesday, July 15, 1998 8:20 PM
> > > > To: syn@cs.washington.edu
> > > > Subject: [5550] Re: Router Access Attempt
> > > >
> > > >
> > > > To keep everyone informed, MCI complained to C&C about a test I ran today.
> > > > I checked one of their interior routers,
> > > > core5.WillowSprings.mci.net(204.70.4.97)
> > > > to see if any useful tcp ports connected.
> > > >
> > > > The idea is to measure asymmetric per-hop drop rates using the state
> > > > that any TCP connection must maintain. Most interior routers will
> > > > respond to telnet and/or finger connections and that's all we need
> > > > for the measurement (in theory).
> > > >
> > > > I will have to check my command history tomorrow to see precisely how I
> > > > triggered MCI's security machinery.
> > > >
> > > >
> > > > ------- Forwarded Message
> > > >
> > > > Date: Wed, 15 Jul 1998 18:04:53 -0700 (PDT)
> > > > From: Linda Wright <lwright@cac.washington.edu>
> > > > To: security@mci.net, yenbut@cs.washington.edu
> > > > cc: noc@cac.washington.edu, aboone@Tymnet.COM, info@u.washington.edu
> > > > Subject: [5550] Re: Router Access Attempt
> > > > In-Reply-To: <9807160041.AA29703@january.Tymnet.COM>
> > > > Message-ID: <Pine.ULT.3.95.980715180257.11050G-100000@shiva2.cac.washington.edu>
> > > > MIME-Version: 1.0
> > > > Content-Type: TEXT/PLAIN; charset=US-ASCII
> > > > X-UIDL: b638be74afcad0445706f9ae3d57fcd8
> > > >
> > > > Thank you for your report. We have copied the domain
> > > > administrator for CS.WASHINGTON.EDU on this email and
> > > > they will be responsible for following up with you.
> > > >
> > > > wakko.cs.washington.edu:
> > > > Internet address = 128.95.2.48
> > > > Mail exchanger = june.cs.washington.edu, preference 10
> > > > = trout.cs.washington.edu, preference 20
> > > >
> > > > - -Linda Wright
> > > > University of Washington
> > > > Network Operations Center
> > > > 206.543.5128
> > > >
> > > > On Wed, 15 Jul 1998 security@mci.net wrote:
> > > >
> > > > >
> > > > > MCI TELECOMMUNICATIONS CORP.
> > > > > DATA SYSTEMS SECURITY
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > TO: University of Washington
> > > > > FROM: Data Systems Security (Anita Boone)
> > > > > SUBJECT: Router Access Attempt
> > > > > DATE: July 15, 1998
> > > > >
> > > > > ==============================================================================
> > > > >
> > > > > MCI Data Systems Security kindly requests that you do not make attempts to
> > > > > access any of our routers. If you need some assistance for a problem or issue
> > > > > that regards MCI, you can contact our Internet support at 1-800/977-4662,
> > > > > or send e-mail to trouble@mci.net.
> > > > > Thank-You.
> > > > >
> > > > >
> > > > > Router core5.WillowSprings.mci.net -Rsh connection attempt from 128.95.2.48
> > > > > (2 times / 1 mins) Up-to-minute total count for 128.95.2.48 is 2
> > > > > =====================
> > > > > ERROR Message: Jul 15 19:35:44 core5.WillowSprings.mci.net 13402: Jul 15
> > > > > 19:36:02.495 EDT: Attempted to connect to core5.WillowSprings.mci.net
> > > > > from 128.95.2.48
> > > > >
> > > > > Where time is EDT.
> > > > >
> > > > >
> > > > > ==============================================================================
> > > > > data-systems-security@mci.com | Internet: security@mci.net
> > > > > Voice: (408) 922-6004 | Fax: (408) 922-8870
> > > > > http://ird.security.mci.net
> > > > > Toll Free: (888) 860-3382
> > > > >
> > >
> >
> > _____________________________________________________________________________
> > "The human mind is a 400,000-year-old legacy application...and you expected
> > to find structured programming?" -- Randall Davis, 1996 AAAI Pres. Address
>
_____________________________________________________________________________
"The human mind is a 400,000-year-old legacy application...and you expected
to find structured programming?" -- Randall Davis, 1996 AAAI Pres. Address